6 Answers
6

Yes, it is possible to tell that you are logged in (or at least used the service). In at least two ways:

1) Explicit connection. If YouTube uses the Facebook API to connect and check whether Facebook knows who you are in that session.

2) Using CSS tricks, where a website can check whether you have specific (well-known) images or files in your browser cache. They cannot tell who you are, but they can figure out which services you use.

The second way is how bookmarking services or OpenID providers can show you your top five services out of several hundreds they support.

No way, is not really correct. There are a couple of ways that sites can tell what other sites you have been to or currently have open sessions with. Pages can tell where you came from via referrer links, so if you are coming from Facebook to YouTube they could suggest you login using facebook based on the fact that you came from there. Also because facebook uses OAuth 2.0, YouTube can use it's OAuth protocol to tell that you are in a facebook OAuth session and suggest that you login using that same session.
–
dryeJul 19 '10 at 12:15

This is "in theory". Things like flash and browser exploits make this less true in reality.
–
Kendall HopkinsJul 20 '10 at 4:30

However, I do believe that OpenID and OAuth sites can detect if you are signed in to another OpenID or OAuth provider. This is how they know, and are trying to provide a service letting you know you can use that login on their site.

It appears that Facebook DOES know you are logged-in on a number of websites - that's probably because you are seeing the new "Like" social widgets ("plugins") that are all over the web.

To the average user, it appears that FB knows you are logged in, because you see which of your friends have "liked" that site or piece of content. However, technically, the FB social plugins are small iframes that are still hosted on facebook.com: